The Certified Chief Information Security Officer (CCISO) certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. The EC-Council CCISO body of knowledge covers all five CCISO domains in depth and was written by seasoned CISOs for current and aspiring CISOs.

Bringing together all the components required for a C-Level position, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. The job of the CISO is far too important to be learned by trial and error. Executive-level management skills are not areas that should be learned on the job.

The material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many sitting and aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on-the-job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Training includes

  • Instructor-led, streaming video training modules – 1-year access
  • Official EC-Council e-courseware – 1-year access
  • Certification Exam Voucher
  • Certificate of Attendance

Course outline

In this course, you will learn in-depth content in each of the five CCISO domains:

  • Domain 1 covers the importance of governance, including policy writing, aligning the security program to industry-recognized frameworks, and adhering to laws and regulations.
  • Domain 2 focuses on management controls, audit management, and risk management, taking you through detailed examples of how to run an audit, and how to implement audit findings, including choosing the correct management controls for each situation, and the importance of understanding asset value, risk tolerance, and risk treatment plans.
  • Domain 3 goes through the day-to-day work of a CISO, including project management and how to ensure that information security is part of projects from their inception.
  • Domain 4 stresses the importance of understanding technology and information security core concepts in order to lead teams of technicians and analysts and make decisions around technology issues. Technical issues are addressed from an executive point of view.
  • Domain 5 addresses leadership, aligning security programs to the overall goals of the business, strategic management, executive buy-in, financial management and much more.
  • Taken together, these five domains of the C|CISO program provide the foundations to become an effective and knowledgeable executive information security practitioner.

Experience requirement for the CCISO exam

To sit for the exam after taking training, candidates must have five years of experience in three of the five CCISO Domains verified via the Exam Eligibility Application.

Who is it for

The CCISO program is for executives looking to hone their skills and better align their information security programs with business goals and objectives. This program also encourages existing CISOs to improve their technical and management skills as well as business procedures.

Duration: 40 hours or 4 full-day sessions

Cost: $3,100 + HST

ORION Flexible Online Training courses are exclusively for ORION constituents. Organizers have the right to restrict access to online resources accordingly.


For more information, please contact ORION’s Community Development team at